BC & DR Flashcards
What does BCP deal with?
Keeping business operations running
What does DRP deal with?
Restoring normal business operations after the disaster takes place
What are three common elements between BCP and DRP?
- Identification of critical business functions
- Identification of disaster scenarios
- Experts
What two assessments are commonly used to identify critical business functions?
- Business Impact Assessment
- Vulnerability Assessment
What two elements are commonly used to rank possible disaster scenarios?
Probability and Impact
What term is used to describe the blending of BCP and DRP into a single mission?
COOP (Continuity of Business Operations)
What are 3 important elements of a BCP project?
- Senior Management Support
- Senior Management Involvement
- Project Team Membership
A BCP project generally consists of which 4 components?
- scope determination
- BIA
- BCP
- Implementation
What is the term used to describe a project scope when it grows beyond the original intent?
Scope Creep
What type of assessment would you carry out to determine which business functions are more resilient and which are more fragile?
Business Impact Assessment
How are the effects of an impact generally categorised?
Quantitative and Qualitative
What 5 tasks need to be performed well as part of a Business Impact Assessment?
- Perform a Vulnerability Assessment
- Carry out a criticality assessment
- Determine the maximum tolerable downtime
- Establish recovery targets
- Determine resource requirements
What is a criticality assessment?
Determines how critically important a particular business function is to the ongoing viability of the organisation.
What type of assessment determines the impact, both quantitative and qualitative, of the loss of a critical business function?
Vulnerability Assessment
Which type of assessment should identify critical support areas?
vulnerability assessment
What are the steps in a criticality assessment?
- Inventory all high level business functions and rank them in order of criticality
- Describe the impact of a disruption to each function on overall business operations.
- Estimate the duration of a disaster event
- Consider the impact of a disruption based on the length of time that a disaster impairs critical business functions.
What does MTD stand for in relation to BCP?
Maximum Tolerable Downtime
What are the two objectives when assessing recovery targets?
Recovery Time Objective
Recovery Point Objective
What term is used to describe the maximum period of time in which a business process must be restored after a disaster?
Recovery Time Objective
What term is used to describe the maximum period of time in which data might be lost if a disaster strikes?
Recovery Point Objective
4 typical resource requirements are:
- IT Systems and application
- Key personnel
- Business equipment
- Supplier and Partners
What is the business's highest priority in the event of a disaster?
Personnel safety
What is the difference between an incremental and differential backup?
Differential takes a backup of changed files only since last full backup. Incremental takes a backup of changed files only whether it be since last full backup or last incremental backup
What 3 things should be considered when scheduling a data backup plan?
- time taken to perform backups
- time taken to restore backups
- procedures for restoring data
Name 4 types of data backup
- Magnetic tape
- Virtual Tape Library
- Site replication
- Remote backup (internet)
What type of agreement involves a software vendor sending a copy of its software code to a third party in the event of a disaster?
Software escrow agreement
What are two ways of providing power during prolonged power outages?
UPS (Uninterrupted power supply)
Emergency electric generator
What is another benefit of a UPS aside from continued power supply?
Controlled Shutdown
What are the 5 common types of data sites?
- Cold Site
- Warm Site
- Hot Site
- Reciprocal Site
- Multi-site
What is a cold site in relation to a DC?
Empty computer room with basic environmental facilities, i.e. UPS, heating, ventilation, etc.
What is a warm site in relation to a DC?
A cold site with computers and communication links in place, but applications and business data must still be loaded
What is a hot site in relation to a DC?
Second live site mirroring the primary
What is a reciprocal site in relation to a DC?
Agreement in place with a third party that pledges availability of their DC in the event of a disaster
What is a multi site in relation to a DC?
Multiple sites used to run daily operations. Site is also staffed
Which type of site provides the most rapid recovery in the event of a disaster but is also the most costly to maintain? Hot, Warm or Cold?
Hot
All employees in the organisation must know about the business continuity plan. True or False?
True
The salvage team is concerned with restoring full functionality to a damaged facility. What are generally the 4 steps to achieving this?
- Damage assessment.
- Salvage assets
- Cleaning
- Restoring facility to operational readiness
A recovery test that includes loading data onto recovery systems without taking the production systems down is otherwise known as:
a parallel test
What are the 5 basic functions that should be available after a failover (cutover) test?
- User Access
- Administrative Access
- Support
- Integrations to other applications
- Reporting
What is the first step before starting a Business Continuity Plan?
Gaining senior management support
How can financial risk be calculated in relation to Business Continuity?
P * M = C
Probability of harm * Magnitude of harm = Cost of Prevention
Title IX of “The Implementing The 9/11 Commission Reconsiderations Act of 2007” addresses what?
Private sector organisations validate their readiness to recover by comparing their programs against an unnamed standard. NFPA 1600 is recommended as the standard to be used.
What is the British Standard for having a Business Continuity Plan?
BS25999
What is the FFIEC BCP Booklet?
Federal Financial Institutions Examination Council
Do FFIEC state that a business should be aware of the BCP plans of its third party providers?
Yes
What is the US Financial Integrity Regulatory Authority Rule 4370 (FINRA)?
Defines a minimum standard for BCP
What are additional regulations on financial firms in relation to BCP?
National Association of Insurance Commissioners (NAIC)
National Futures Association Compliance Rule 2-38
Electronic Funds Transfer Act
Basel committee - for banks regarding BCP
HIPAA - health
Which country in the world was the first to introduce a standard and certification program for BCP?
Singapore (Standard for Business Continuity/Disaster Recovery Service Providers (SS507))
What is the Sarbanes Oxley Section 404?
Management assessment of internal controls. Includes management responsibility for maintaining financial reporting and assessment at end of year
In Sarbanes Oxley what is PCAOB?
Public Accounting Oversight Board - responsible for BCP
What is a mobile site?
DC of an organisation in a mobile trailer
Event impacts should be categorised as follows?
Non-incident
Incident
Severe incident